An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
CVE-2019-3719 is an RCE vulnerability in Dell’s SupportAssist Client software. The bug could allow remote unauthenticated attackers on the same Network Access layer to execute arbitrary code on vulnerable Dell machines. Here’s the official description of CVE-2019-3719: Dell SupportAssist Client…
Another day, another vulnerability. The cybersecurity mantra is giving us another serious issue in Oracle WebLogic Server. The vulnerability, identified as CVE-2019-2568, is easily exploitable and can allow an attacker with low privileges and network access via HTTP to compromise…
Have your files been encrypted with the .guesswho extension? The .guesswho files virus is a new ransomware threat that is currently infecting users. Update September 2019. The .guesswho ransomware is still present on the malware scene. The .guesswho virus infection…
Are you an owner of a smart home? If yes, maybe you’re acquainted with the Belkin Wemo Insight smart plug. It serves to turn your lights and appliances on and off, and it can also monitor them from anywhere. The…
Are you using Google Chrome? Perhaps you know that Google just released Chrome 74 to the Stable Desktop channel, and Windows, Mac, and Linux users can now download the most recent version of the browser. Note that Chrome 74 introduces…
A trojanized version of TeamViewer has been used in targeted attacks against governmental and financial institutions. The application has been maliciously modified to steal financial information from targets in Europe and worldwide. Among the targeted countries are Nepal, Kenya, Liberia,…
The source code of the infamous Carbanak banking malware was discovered uploaded on VirusTotal. More precisely, security researchers from FireEye say that they found the malware’s source code, builders, and some unknown plugins in two RAR archives that were uploaded…
Password hygiene has not improved much when compared to data we analyzed in 2015. Apparently, the list of worst passwords doesn’t change from year to year, with users continuing to use weak passwords for their accounts. New statistics reveal that…
It’s a fact that we’re facing new vulnerabilities daily. Today’s share of flaws comes from Broadcom WiFi chipset drivers. The flaws (CVE-2019-9503, CVE-2019-9500, CVE-2019-9501, CVE-2019-9502) affect multiple operating systems and could allow remote attackers to perform arbitrary code execution resulting…
„А series of rampant malvertising campaigns“ targeting iOS users have been detected. The campaigns targeted both US and European publishers, and respectively users. According to Confiant security researchers the malicious activities come from a known threat actor called eGobbler that…
Yet another sextortion scam is sneaking into users’ inboxes. The scam which is using the “Warning! Account compromised!” subject line is relying on the spoofing technique to make the user believe their system has been hacked. What Is Spoofing? Spoofing…
If you use AdBlock, AdBlock Plus or uBlock, you should be aware that a security researcher discovered a vulnerability in their filter systems. The loophole may allow remote attackers to inject arbitrary code into web pages. The discovery was made…
Scranos is the name of a new rootkit-enabled spyware which despite its current sophistication appears to be “work-in-progress”. Bitdefender researchers recently discovered that the operators of Scranos are continuously testing new components on already-infected users and regularly making minor improvement…
CVE-2019-0859 is a zero-day vulnerability which was part of this month‘s Patch Tuesday. The vulnerability was detected by Kaskersky Lab researchers who just released detailed technical resume of the issue. In March 2019, Kaspersky’s Exploit Prevention (EP) systems detected an…
Microsoft has declined to patch a zero-day vulnerability in Internet Explorer for which a security researcher published details and proof-of-concept. The flaw can allow attackers to steal files from computers running Windows. More specifically, the researcher successfully tested the zero-day…
New alarming statistics reveal that approximately 25 percent of phishing emails taken from a batch of 55 million analyzed emails were marked as clean by Office 365 Exchange Online Protection (EOP). This means that these phishing emails got to recipients’…
A new research reveals vulnerabilities in “a limited number of early implementations of WPA3™-Personal, where those devices allow collection of side channel information on a device running an attacker’s software, do not properly implement certain cryptographic operations, or use unsuitable…
A new highly sophisticated APT framework used for spying purposes was recently uncovered by security researchers. The malicious framework has been in operation for at least 5 years but it’s the first time it’s been detected. The framework has been…
April 2019 Patch Tuesday is here, consisting of fixes for 74 vulnerabilities. Note that two of the flaws (CVE-2019-0803 and CVE-2019-0859, see details below) are actively exploited in attacks in the wild. 13 of the vulnerabilities are rated critical, and…
Verizon Fios Quantum Gateway contains three high-severity vulnerabilities (CVE-2019-3914, CVE-2019-3915, CVE-2019-3916). which could allow command injection. When exploited at once, the flaws could give an attacker complete control over a network. Note that the device is used by millions of…
